I'm in a bind right now. Here I got this wonderful thing called Google, but I am stumped for resources that will allow me to better develop my basic desire.

I run the internet for a local special interest group - one where we have three business class WAN connections that are passed through PacketFilter on FreeBSD (blocking all incoming connections except previously established ones and a select few services for remote administration - I've got priority queues set up to ensure speedy HTTP/IMAP) and load balanced to 27 bandwidth hungry users.

I want to simplify and preserve end to end-ianness but I am hesitant on how to set things up so that my users can do exactly the same thing, except with the hope of reducing the headache of NAT. Is there a resource that can bring me up to speed on what I want to do?

It's not clear to me what it is that you want to do. You want to simplify - what? Apparently, there is some involvement of IPv6 here - what is it that you want to do?
– Martin v. Löwis, Oct 31 '10 at 14:03

For now, IPv6, Internet and simplify do not belong in the same statement.
– RobM, Nov 3 '10 at 21:53

1 Answer
1

It sounds like you're using IPv4 NAT for multihoming across the three WAN connections at the moment. This is one of the less well-supported use cases for IPv6 at the moment, though there are some draft standards in process that will improve the situation somewhat. There are going to be some tradeoffs, though.

I'll assume all three connections are through different providers, and each has assigned you a /48 from their own address space. Probably the best way to do this with technology available today is to advertise all three prefixes into the LAN, so each host has an address from each ISP. For automatic failover, you can monitor each link and set the appropriate prefix's preferred lifetime to zero when the corresponding link goes down. You'll have to use source routing on the router so that the appropriate source addresses go out the right links.

You'll still be able to apply priority queues on each ISP link, but it will move the ISP selection (equivalent to source-address selection here) from the router to the end-host. You can influence this with the RFC3484 table, kept in /etc/gai.conf on Linux systems; not sure what the equivalent is on other OSes, but it should be configurable. There's an IETF draft (draft-fujisaki-6man-addr-select-opt-00) to distribute this information through DHCPv6.

If you also run internal servers, you might want to use a Unique Local Addressing (ULA) prefix internally as well, and use the ULA addresses in internal DNS. That way ISP failures won't affect internal communications.

If having control of ISP selection at the router is important to you, take a look at the NAT66 drafts. I'm not sure if there's running code for them yet, but it provides the same sort of ISP independence as NAT44. It breaks end-to-end addressing, but because it only swaps prefixes it's stateless and can support end-to-end connectivity, so it's a bit less harmful than v4 NAT.
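The answer above leaves the mechanics of "ISP selection moves to the end-host" implicit. The following is an added illustration, not code from the answer or from any OS, of how a host applies a gai.conf-style label table when it chooses a source address: a simplified RFC 3484 selection that applies Rule 3 (avoid deprecated addresses, which is what a prefix with preferred lifetime zero becomes after a link fails), Rule 5 (prefer a source whose label matches the destination's label) and Rule 8 (longest matching prefix). The three ISP /48s, the ULA /48, the host addresses and the gai.conf fragment are all constructed from documentation ranges and are assumptions of the example; `precedence` lines are skipped because they only affect destination ordering.

```python
"""Simplified RFC 3484 source-address selection over a gai.conf-style label table.

Added illustration for the answer above; not code from the answer or from any OS.
All prefixes are constructed from documentation ranges (2001:db8::/32, fd00::/8).
"""
import ipaddress

# Constructed gai.conf fragment: the RFC 3484 default labels, then site overrides.
# ::/0 and ISP3's /48 share label 1, while ISP1 and ISP2 get label 7, so Rule 5
# steers Internet-bound traffic out via ISP3. The ULA /48 gets its own label (5)
# so that traffic to internal ULA destinations picks the ULA source address.
GAI_CONF = """\
# label <prefix> <value>
label ::1/128             0
label ::/0                1
label 2002::/16           2
label ::/96               3
label ::ffff:0:0/96       4
label fd12:3456:789a::/48 5
label 2001:db8:1::/48     7
label 2001:db8:2::/48     7
"""

# Constructed host addresses: one per advertised prefix (three ISPs plus ULA).
HOST_ADDRESSES = [
    "2001:db8:1:10::5",     # from ISP1's /48
    "2001:db8:2:10::5",     # from ISP2's /48
    "2001:db8:3:10::5",     # from ISP3's /48
    "fd12:3456:789a:10::5", # ULA, used for internal services and internal DNS
]


def parse_labels(text):
    """Parse 'label <prefix> <value>' lines into a list of (network, label)."""
    table = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3 or parts[0] != "label":
            continue                          # ignore precedence and unknown lines
        table.append((ipaddress.ip_network(parts[1]), int(parts[2])))
    return table


def label_of(addr, table):
    """Longest-prefix match of addr against the label table (RFC 3484 section 2.1)."""
    addr = ipaddress.ip_address(addr)
    best = None
    for net, lab in table:
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, lab)
    return best[1] if best else None


def common_prefix_len(a, b):
    """Number of leading bits two IPv6 addresses share (Rule 8 tie-breaker)."""
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    return 128 - (int(a) ^ int(b)).bit_length()


def select_source(dest, candidates, table):
    """Pick the source address a host would use for dest.

    candidates: list of (address, deprecated). deprecated=True models a prefix
    whose preferred lifetime the router advertised as zero after a link failure.
    Order of rules: Rule 3 (non-deprecated first), Rule 5 (matching label),
    Rule 8 (longest common prefix); remaining ties keep candidate order.
    """
    dest = ipaddress.ip_address(dest)
    dest_label = label_of(dest, table)

    def rank(item):
        addr, deprecated = item
        return (deprecated,
                label_of(addr, table) != dest_label,
                -common_prefix_len(addr, dest))

    addr, _ = min(candidates, key=rank)   # min returns the first of equal-ranked items
    return str(addr)


def choose(dest, down_prefixes=()):
    """Select the source for dest, treating addresses inside down_prefixes as deprecated."""
    table = parse_labels(GAI_CONF)
    downs = [ipaddress.ip_network(p) for p in down_prefixes]
    candidates = []
    for a in HOST_ADDRESSES:
        addr = ipaddress.ip_address(a)
        candidates.append((addr, any(addr in n for n in downs)))
    return select_source(dest, candidates, table)


if __name__ == "__main__":
    print("Internet, all links up:  ", choose("2001:db8:ffff::1"))
    print("Internet, ISP3 link down:", choose("2001:db8:ffff::1", ["2001:db8:3::/48"]))
    print("Internal ULA destination:", choose("fd12:3456:789a:20::9"))
```

With all links up, an Internet destination (label 1) is sent from the ISP3 address; once the router zeroes ISP3's preferred lifetime, Rule 3 drops that address and the host falls back to ISP1 or ISP2, which is exactly why the router also needs source-based routing to put each source prefix onto its own WAN link. Internal destinations inside the ULA /48 always select the ULA source, so they keep working regardless of ISP state.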